def callback():
    """Update infomation record 1 (cover image and body) from the submitted form.

    Runs the permission check first, sanitises the body, then writes through
    ``InfomationLogic.edit_model``. Returns ``web_helper.return_msg(0, '成功')``
    when the logic layer reports success, otherwise
    ``web_helper.return_msg(-1, "提交失败")``.
    """
    # Authorisation happens before any form field is read.
    _common_logic.check_user_power()

    cover = web_helper.get_form('front_cover_img', '图片')
    body = web_helper.get_form('content', '内容', is_check_special_char=False)
    # The body bypasses get_form's special-character check, so it is sanitised
    # explicitly: single quotes are stripped, then the XSS filter is applied.
    # Note that stripping quotes mutates stored content; whether it is needed
    # for injection safety depends on how edit_model builds its statement.
    body = string_helper.clear_xss(string_helper.filter_str(body, "'"))

    fields = {
        'front_cover_img': string(cover),
        'content': string(body),
    }

    ok = infomation_logic.InfomationLogic().edit_model(1, fields)
    if ok:
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
def callback(id):
    """Update the product row identified by ``id`` from the submitted form.

    Returns ``web_helper.return_msg(0, '成功')`` when the parameterised update
    returns the row id, otherwise ``web_helper.return_msg(-1, "提交失败")``.
    """
    get = web_helper.get_form
    to_int = convert_helper.to_int0

    name = get('name', '产品名称')
    code = get('code', '产品编码')
    product_class_id = to_int(get('product_class_id', '产品分类'))
    standard = get('standard', '产品规格')
    quality_guarantee_period = get('quality_guarantee_period', '保质期')
    place_of_origin = get('place_of_origin', '产地')
    front_cover_img = get('front_cover_img', '封面图片')
    content = get('content', '产品描述', is_check_special_char=False)
    # The description bypasses the special-character check, so it is sanitised
    # here: single quotes stripped, then the XSS filter. The write below uses
    # %s placeholders with a parameter tuple, so the quote stripping changes
    # stored content rather than being what prevents SQL injection.
    content = string_helper.clear_xss(string_helper.filter_str(content, "'"))
    is_enable = to_int(get('is_enable', '是否启用'))

    sql = """ update product set name=%s, code=%s, product_class_id=%s, standard=%s, quality_guarantee_period=%s, place_of_origin=%s, front_cover_img=%s, content=%s, is_enable=%s where id=%s returning id"""
    params = (
        name, code, product_class_id, standard, quality_guarantee_period,
        place_of_origin, front_cover_img, content, is_enable, id,
    )
    rows = db_helper.write(sql, params)

    # `returning id` yields the updated row's id; no row means nothing changed.
    if rows and rows[0].get('id'):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
def callback():
    """Insert a new product row from the submitted form.

    Returns ``web_helper.return_msg(0, '成功')`` when the insert hands back the
    new row's id, otherwise ``web_helper.return_msg(-1, "提交失败")``.
    """
    get = web_helper.get_form
    to_int = convert_helper.to_int0

    name = get('name', '产品名称')
    code = get('code', '产品编码')
    product_class_id = to_int(get('product_class_id', '产品分类'))
    standard = get('standard', '产品规格')
    quality_guarantee_period = get('quality_guarantee_period', '保质期')
    place_of_origin = get('place_of_origin', '产地')
    front_cover_img = get('front_cover_img', '封面图片')
    content = get('content', '产品描述', is_check_special_char=False)
    # The description bypasses the special-character check, so it is sanitised
    # here: single quotes stripped, then the XSS filter. The insert is
    # parameterised (%s placeholders), so quote stripping alters stored content
    # rather than being what blocks SQL injection.
    content = string_helper.clear_xss(string_helper.filter_str(content, "'"))
    is_enable = to_int(get('is_enable', '是否启用'))

    # `returning id` makes the write return the new auto-increment id, which
    # is what the success check below inspects.
    sql = """insert into product (name, code, product_class_id, standard, quality_guarantee_period, place_of_origin, front_cover_img, content, is_enable) values (%s, %s, %s, %s, %s, %s, %s, %s, %s) returning id"""
    params = (
        name, code, product_class_id, standard, quality_guarantee_period,
        place_of_origin, front_cover_img, content, is_enable,
    )
    rows = db_helper.write(sql, params)

    if rows and rows[0].get('id'):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
def callback():
    """Insert a new product through ``ProductLogic.add_model``.

    Runs the permission check first, reads and sanitises the form, then builds
    the field dict for the logic layer. Returns
    ``web_helper.return_msg(0, '成功')`` when add_model reports success,
    otherwise ``web_helper.return_msg(-1, "提交失败")``.
    """
    # Authorisation happens before any form field is read.
    _common_logic.check_user_power()

    get = web_helper.get_form
    to_int = convert_helper.to_int0

    name = get('name', '产品名称')
    code = get('code', '产品编码')
    product_class_id = to_int(get('product_class_id', '产品分类'))
    standard = get('standard', '产品规格')
    quality_guarantee_period = get('quality_guarantee_period', '保质期')
    place_of_origin = get('place_of_origin', '产地')
    front_cover_img = get('front_cover_img', '封面图片')
    content = get('content', '产品描述', is_check_special_char=False)
    # The description bypasses the special-character check, so it is sanitised
    # here: single quotes stripped, then the XSS filter. Stripping quotes
    # mutates stored content; whether add_model needs it for injection safety
    # depends on how it builds its statement.
    content = string_helper.clear_xss(string_helper.filter_str(content, "'"))
    is_enable = to_int(get('is_enable', '是否启用'))

    # Text columns go through string(); the two int columns are passed as-is.
    fields = {
        'name': string(name),
        'code': string(code),
        'product_class_id': product_class_id,
        'standard': string(standard),
        'quality_guarantee_period': string(quality_guarantee_period),
        'place_of_origin': string(place_of_origin),
        'front_cover_img': string(front_cover_img),
        'content': string(content),
        'is_enable': is_enable,
    }

    ok = product_logic.ProductLogic().add_model(fields)
    if ok:
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
def callback():
    """Update the body of infomation record 2 from the submitted form.

    Returns ``web_helper.return_msg(0, '成功')`` when the parameterised update
    returns the row id, otherwise ``web_helper.return_msg(-1, "提交失败")``.
    """
    body = web_helper.get_form('content', '内容', is_check_special_char=False)
    # The body bypasses the special-character check, so it is sanitised here:
    # single quotes stripped, then the XSS filter. The write is parameterised,
    # so the quote stripping is a content-sanitising step, not the injection
    # defence.
    body = string_helper.clear_xss(string_helper.filter_str(body, "'"))

    # The record id is fixed at 2; `returning id` confirms a row was updated.
    sql = """update infomation set content=%s where id=2 returning id"""
    rows = db_helper.write(sql, (body,))

    if rows and rows[0].get('id'):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
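def callback():
    """Update the cover image and body of infomation record 1.

    Returns ``web_helper.return_msg(0, '成功')`` when the update returns the
    affected row's id, otherwise ``web_helper.return_msg(-1, "提交失败")``.
    Previously the write result was discarded and success was reported
    unconditionally, so a failed or no-op update was invisible to the caller.
    """
    front_cover_img = web_helper.get_form('front_cover_img', '图片')
    content = web_helper.get_form('content', '内容', is_check_special_char=False)
    # The body bypasses the special-character check, so it is sanitised here:
    # single quotes stripped, then the XSS filter. The write is parameterised
    # (%s placeholders + parameter tuple), so the quote stripping is a
    # content-sanitising step rather than the injection defence.
    content = string_helper.filter_str(content, "'")
    content = string_helper.clear_xss(content)

    # `returning id` lets the result be checked the same way the sibling
    # infomation update (record 2) does.
    sql = """update infomation set front_cover_img=%s, content=%s where id=1 returning id"""
    params = (front_cover_img, content)
    result = db_helper.write(sql, params)

    if result and result[0].get('id'):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")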
def callback1():
    """Update the cover image and body of infomation record 1 via PgHelper.

    Always returns ``web_helper.return_msg(0, '成功')``; the execute result is
    not inspected, so a no-op update is still reported as success.
    """
    cover = web_helper.get_form('front_cover_img', '图片')
    body = web_helper.get_form('content', '内容', is_check_special_char=False)
    # The body bypasses the special-character check, so it is sanitised here:
    # single quotes stripped, then the XSS filter. The statement is
    # parameterised, so quote stripping is content sanitisation, not the
    # injection defence.
    body = string_helper.clear_xss(string_helper.filter_str(body, "'"))

    sql = """update infomation set front_cover_img=%s, content=%s where id=1"""
    params = (cover, body)

    # PgHelper is used as a context manager; the commit is explicit.
    with db_helper.PgHelper(db_config.DB, db_config.IS_OUTPUT_SQL) as db:
        db.execute(sql, params)
        db.commit()

    return web_helper.return_msg(0, '成功')
def test_filter_str(self):
    """Print filter_str's output for a plain string and two with special characters.

    Purely observational: nothing is asserted.
    """
    samples = (
        'aaa',
        'aaa<>&\'',
        'aaa<|>|&|%|~|^|;|\'',
    )
    for sample in samples:
        print(string_helper.filter_str(sample))
def check_user_power() -> None:
    """Check that the current user may access the current route.

    Reads the session (a missing session is rejected with code -404 via
    web_helper.return_raise), builds a lookup key from the referer path, the
    HTTP method and the route rule, resolves it to a menu entry and compares
    that entry's id against the position's page-power string. Failed checks
    are logged through ManagerOperationLogLogic and rejected with code -1;
    successful accesses (except GET on the add/edit pages) are logged too.

    NOTE(review): the code after each web_helper.return_raise call assumes it
    raises and does not return — confirm in web_helper.
    """
    # Read the session; no session means the login has expired.
    session = web_helper.get_session()
    if not session:
        web_helper.return_raise(web_helper.return_msg(-404, "您的登录已失效,请重新登录"))
    # Original route rule and lower-cased HTTP method (get/post/put/delete).
    rule = request.route.rule
    method = request.method.lower()
    # Requested URL with <, >, % and ' stripped; used only in the log message.
    url = string_helper.filter_str(request.url, '<|>|%|\'')
    # Log context: who is acting and from where.
    _manager_operation_log_logic = manager_operation_log_logic.ManagerOperationLogLogic()
    ip = web_helper.get_ip()
    manager_id = session.get('id')
    manager_name = session.get('name')
    # Verb used in log messages: GET is "访问" (visit), anything else "进行" (perform).
    if method == 'get':
        method_name = '访问'
    else:
        method_name = '进行'
    # Referer path, without scheme/host and without the query string.
    # NOTE(review): HTTP_REFERER is client-supplied, so web_name (and hence
    # the lookup key below) is not trustworthy on its own; the permission check
    # further down is what gates access to whatever entry the key resolves to.
    http_referer = request.environ.get('HTTP_REFERER')
    if http_referer:
        index = http_referer.find('?')
        # find('/', 8) skips "http://"/"https:/" ; if no further '/' exists,
        # find() returns -1 and the slice starts at 0 (the whole referer).
        if index == -1:
            web_name = http_referer[http_referer.find('/', 8) + 1:]
        else:
            web_name = http_referer[http_referer.find('/', 8) + 1: index]
    else:
        web_name = ''
    # Cache key for this endpoint: "<referer path><method>(<rule>)".
    key = web_name + method + '(' + rule + ')'
    # Resolve the key to a menu entity from the menu-permission cache.
    _menu_info_logic = menu_info_logic.MenuInfoLogic()
    model = _menu_info_logic.get_model_for_url(key)
    if not model:
        # Log the failed access, then reject.
        # NOTE(review): the internal lookup key is echoed to the client in the
        # message; consider keeping that detail in the log only.
        _manager_operation_log_logic.add_operation_log(manager_id, manager_name, ip, '用户访问[%s]接口地址时,检测没有操作权限' % (url))
        web_helper.return_raise(web_helper.return_msg(-1, "您没有访问权限1" + key))
    # Menu name for logging; prefixed with the parent menu's name (minus the
    # "列表"/"管理" suffixes) when the entry has a parent.
    menu_name = model.get('name')
    if model.get('parent_id') > 0:
        parent_model = _menu_info_logic.get_model_for_cache(model.get('parent_id'))
        if parent_model:
            menu_name = parent_model.get('name').replace('列表', '').replace('管理', '') + menu_name
    # Page-power string for the position id stored in the session at login.
    positions = positions_logic.PositionsLogic()
    page_power = positions.get_page_power(session.get('positions_id'))
    # Membership test: assumes page_power is a comma-delimited id list with
    # leading and trailing commas (",1,2,3,") — TODO confirm in PositionsLogic.
    # A missing menu id falls back to -1, which can never match.
    if page_power.find(',' + str(model.get('id', -1)) + ',') == -1:
        # Log the denied operation, then reject.
        _manager_operation_log_logic.add_operation_log(manager_id, manager_name, ip, '用户%s[%s]操作检测没有权限' % (method_name, menu_name))
        web_helper.return_raise(web_helper.return_msg(-1, "您没有访问权限2"))
    # Access granted: log it, except for GET requests to the add/edit pages.
    if not (method == 'get' and model.get('name') in ('添加', '编辑')):
        _manager_operation_log_logic.add_operation_log(manager_id, manager_name, ip, '用户%s[%s]操作' % (method_name, menu_name))